I’ve implemented a passwordless SMS auth flow using Lock v11 and a custom SMS gateway (Twilio integration just returned errors with or without Copilot).
It’s all working well, except that neither would Lock prevent the trunk prefix input, nor would the API remove it, so users can submit a malformed mobile number which gets passed on to our SMS gateway and users never get the OTP (or an error message) left wondering what went wrong…
What I found so far:
- I could remove the extra number in our SMS gateway code – this would send the message out, but the wrong phone number would be saved for the user in the Auth0 database
- I could remove the extra number in a Pre-User Registration Hook (see code at the bottom*) – for some reason it didn’t get triggered
- I could do validation with Custom Database Error Handling – but it doesn’t seem to be possible to use anything but the completely opaque sms database generated by enabling the SMS passwordless flow. Maybe that’s also the reason why 2 above didn’t work?
So far none of the options seem workable, but I’d really like to avoid having to implement a custom UI just to implement this simple validation / replace rule. Is there any option I missed or any pointers what could I do differently?
Thanks a lot in advance!
Pre-User Registration Hook code I tried (very basic, just to see if it works):
response.user = user; response.user.phoneNumber = user.phoneNumber.replace('+440', '+44');